From 851c8bfb03c20fba2b850a7d3e44b765d2ff848b Mon Sep 17 00:00:00 2001
From: Sebastian Hugentobler
Date: Wed, 3 Aug 2016 11:38:20 +0200
Subject: [PATCH] initial commit
---
 .gitignore | 3 +
 Dockerfile | 76 ++++++++++
 rootfs/etc/confd/conf.d/server.yaml.toml | 3 +
 rootfs/etc/confd/templates/server.yaml.tmpl | 149 ++++++++++++++++++++
 rootfs/etc/cont-init.d/synapse-keys | 10 +
 rootfs/etc/fix-attrs.d/01-synapse | 2 +
 rootfs/etc/services.d/synapse/run | 5 +
 7 files changed, 248 insertions(+)
 create mode 100755 .gitignore
 create mode 100644 Dockerfile
 create mode 100644 rootfs/etc/confd/conf.d/server.yaml.toml
 create mode 100644 rootfs/etc/confd/templates/server.yaml.tmpl
 create mode 100644 rootfs/etc/cont-init.d/synapse-keys
 create mode 100644 rootfs/etc/fix-attrs.d/01-synapse
 create mode 100644 rootfs/etc/services.d/synapse/run
diff --git a/.gitignore b/.gitignore
new file mode 100755
index 0000000..af0faab
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+*~
+.DS_Store
+*.swp
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..cf7d1a0
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,76 @@
+FROM thallian/confd-env:latest
+
+ENV VERSION v0.17.0-rc1
+
+RUN addgroup synapse
+RUN adduser -h /var/lib/synapse -D -G synapse synapse
+
+RUN apk add --no-cache \
+ bash \
+ coreutils \
+ curl \
+ file \
+ gcc \
+ postgresql-dev \
+ libffi \
+ libffi-dev \
+ libjpeg-turbo \
+ libjpeg-turbo-dev \
+ libssl1.0 \
+ libtool \
+ libxml2 \
+ libxml2-dev \
+ libxslt \
+ libxslt-dev \
+ linux-headers \
+ make \
+ musl \
+ musl-dev \
+ openldap \
+ openldap-dev \
+ openssl-dev \
+ pwgen \
+ py-pip \
+ py-virtualenv \
+ python \
+ python-dev \
+ sqlite \
+ sqlite-libs \
+ unzip \
+ zlib \
+ zlib-dev
+
+RUN virtualenv -p python /var/lib/synapse
+RUN source /var/lib/synapse/bin/activate && \
+ pip install --upgrade setuptools && \
+ pip install psycopg2 && \
+ pip install python-ldap && \
+ pip install https://github.com/matrix-org/synapse/tarball/$VERSION
+
+RUN apk del \
+ coreutils \
+ file \
+ gcc \
+ postgresql-dev \
+ libffi-dev \
+ libjpeg-turbo-dev \
+ libtool \
+ libxml2-dev \
+ libxslt-dev \
+ linux-headers \
+ make \
+ musl-dev \
+ openldap-dev \
+ openssl-dev \
+ python-dev \
+ sqlite-libs \
+ zlib-dev
+
+RUN chown -R synapse:synapse /var/lib/synapse
+ENV HOME /var/lib/synapse
+
+ADD /rootfs /
+
+EXPOSE 8448
+
+VOLUME /var/lib/synapse/media_store/ /var/lib/synapse/signing/ /etc/ssl/synapse/
diff --git a/rootfs/etc/confd/conf.d/server.yaml.toml b/rootfs/etc/confd/conf.d/server.yaml.toml
new file mode 100644
index 0000000..8ba675c
--- /dev/null
+++ b/rootfs/etc/confd/conf.d/server.yaml.toml
@@ -0,0 +1,3 @@
+[template]
+src = "server.yaml.tmpl"
+dest = "/var/lib/synapse/server.yaml"
\ No newline at end of file
diff --git a/rootfs/etc/confd/templates/server.yaml.tmpl b/rootfs/etc/confd/templates/server.yaml.tmpl
new file mode 100644
index 0000000..1199f98
--- /dev/null
+++ b/rootfs/etc/confd/templates/server.yaml.tmpl
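Review bot: Nothing this image is built from is pinned or verified: `FROM thallian/confd-env:latest` floats, `pip install psycopg2` and `pip install python-ldap` take whatever version is current, and the Synapse tarball is fetched from a tag URL with no checksum, so a rebuild can pick up different code without any change to this file. Pin the base by tag and digest (`FROM thallian/confd-env:<tag>@sha256:<digest>`), pin the two pip packages with `==<version>`, and download the tarball to a file and check it with `sha256sum -c` before handing it to `pip install`. Separately, `RUN apk del …` runs in its own layer, so gcc, make and the `-dev` headers still ship in the earlier layer; folding install, build and removal into one `RUN` (for example `apk add --no-cache --virtual .build-deps …` followed by `apk del .build-deps`) is what actually removes them. `ADD /rootfs /` copies a plain local directory and should be `COPY rootfs/ /`.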
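Review bot: The rendered `/var/lib/synapse/server.yaml` will hold the database password, the LDAP bind password and the macaroon secret, yet this resource sets no `mode`, `uid` or `gid`, so the file is written with confd's defaults, which are presumably readable by every user in the container. Adding `mode = "0600"` together with the synapse account's `uid` and `gid` restricts it to the service. The numeric ids are not fixed anywhere in this commit because `adduser` is called without an explicit uid, so that would need pinning in the Dockerfile as well.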
@@ -0,0 +1,149 @@
+tls_certificate_path: "/etc/ssl/synapse/fullchain.pem"
+tls_private_key_path: "/etc/ssl/synapse/privkey.pem"
+tls_dh_params_path: "/var/lib/synapse/signing/dhparams.pem"
+no_tls: False
+
+server_name: "{{getenv "SERVER_NAME"}}"
+
+pid_file: /var/lib/synapse/homeserver.pid
+
+web_client: True
+
+# The public-facing base URL for the client API (not including _matrix/...)
+# public_baseurl: https://example.com:8448/
+
+soft_file_limit: 0
+
+listeners:
+ -
+ port: 8448
+ bind_address: ''
+ type: httpp
+ tls: true
+ x_forwarded: false
+ resources:
+ -
+ names:
+ - client
+ - webclient
+ compress: true
+
+ - names: [federation]
+ compress: false
+
+ - port: 8008
+ tls: false
+ bind_address: ''
+ type: http
+ x_forwarded: false
+
+ resources:
+ - names: [client, webclient]
+ compress: true
+ - names: [federation]
+ compress: false
+
+database:
+ name: "psycopg2"
+ args:
+ user: {{getenv "DB_USER"}}
+ password: {{getenv "DB_PASSWORD"}}
+ database: {{getenv "DB_NAME"}}
+ host: {{getenv "DB_HOST"}}
+ cp_min: 5
+ cp_max: 10
+
+event_cache_size: "10K"
+
+verbose: 0
+log_file: "/var/lib/synapse/homeserver.log"
+log_config: "/var/lib/synapse/log.config"
+
+rc_messages_per_second: 0.2
+rc_message_burst_count: 10.0
+federation_rc_window_size: 1000
+federation_rc_sleep_limit: 10
+federation_rc_sleep_delay: 500
+federation_rc_reject_limit: 50
+federation_rc_concurrent: 3
+
+media_store_path: "/var/lib/synapse/media_store"
+uploads_path: "/var/lib/synapse/uploads"
+max_upload_size: "{{getenv "MAX_UPLOAD_SIZE"}}"
+max_image_pixels: "{{getenv "MAX_THUMBNAIL_PIXELS"}}"
+dynamic_thumbnails: {{getenv "DYNAMIC_THUMBNAILS"}}
+
+thumbnail_sizes:
+- width: 32
+ height: 32
+ method: crop
+- width: 96
+ height: 96
+ method: crop
+- width: 320
+ height: 240
+ method: scale
+- width: 640
+ height: 480
+ method: scale
+- width: 800
+ height: 600
+ method: scale
+
+url_preview_enabled: False
+enable_registration_captcha: False
+
+# The public URIs of the TURN server to give to clients
+turn_uris: []
+
+# The shared secret used to compute passwords for the TURN server
+turn_shared_secret: "YOUR_SHARED_SECRET"
+
+# How long generated TURN credentials last
+turn_user_lifetime: "1h"
+
+enable_registration: False
+allow_guest_access: False
+
+trusted_third_party_id_servers:
+ - matrix.org
+ - vector.im
+
+enable_metrics: {{getenv "ENABLE_METRICS"}}
+report_stats: {{getenv "REPORT_STATS"}}
+
+room_invite_state_types:
+ - "m.room.join_rules"
+ - "m.room.canonical_alias"
+ - "m.room.avatar"
+ - "m.room.name"
+
+app_service_config_files: []
+
+macaroon_secret_key: "{{getenv "MACAROON_SECRET_KEY"}}"
+expire_access_token: False
+
+signing_key_path: "/var/lib/synapse/signing/signing.key"
+old_signing_keys: {}
+
+key_refresh_interval: "1d" # 1 Day.
+
+perspectives:
+ servers:
+ "matrix.org":
+ verify_keys:
+ "ed25519:auto":
+ key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
+
+ldap_config:
+ enabled: true
+ uri: "{{getenv "LDAP_URI"}}"
+ start_tls: true
+ base: "{{getenv "LDAP_BASE_DN"}}"
+ attributes:
+ uid: "{{getenv "LDAP_UID_ATTRIBUTE"}}"
+ mail: "{{getenv "LDAP_MAIL_ATTRIBUTE"}}"
+ name: "{{getenv "LDAP_NAME_ATTRIBUTE"}}"
+ bind_dn: "{{getenv "LDAP_BIND_DN"}}"
+ bind_password: "{{getenv "LDAPBIND_PASSWORD"}}"
+ filter: "{{getenv "LDAP_FILTER"}}"
diff --git a/rootfs/etc/cont-init.d/synapse-keys b/rootfs/etc/cont-init.d/synapse-keys
new file mode 100644
index 0000000..8f9f2ab
--- /dev/null
+++ b/rootfs/etc/cont-init.d/synapse-keys
@@ -0,0 +1,10 @@
+#!/usr/bin/with-contenv sh
+
+if [ ! -f /var/lib/synapse/signing/signing.key ]; then
+ source /var/lib/synapse/bin/activate
+ s6-setuidgid synapse python -B -m synapse.app.homeserver -c server.yaml --generate-config --report-stats=no
+fi
+
+if [ ! -f /var/lib/synapse/signing/dhparams.pem ]; then
+ openssl dhparam -out /var/lib/synapse/signing/dhparams.pem $DHPARAM_LENGTH
+fi
diff --git a/rootfs/etc/fix-attrs.d/01-synapse b/rootfs/etc/fix-attrs.d/01-synapse
new file mode 100644
index 0000000..16ac9d0
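Review bot: Two keys in this template look mistyped: the 8448 listener has `type: httpp` where the 8008 listener uses `type: http`, and `bind_password` reads `LDAPBIND_PASSWORD` while every other LDAP setting uses an `LDAP_` prefix, so the bind password probably renders empty unless the variable is exported under that exact name; the corrected lines would be `type: http` and `bind_password: "{{getenv "LDAP_BIND_PASSWORD"}}"`. The database values (`password: {{getenv "DB_PASSWORD"}}` and its neighbours) are emitted unquoted, so a password containing `:` or `#` changes how the YAML parses; quote them the way the LDAP values are quoted. `turn_shared_secret: "YOUR_SHARED_SECRET"` ships a fixed placeholder in a secret field and is better rendered from an environment variable or dropped while `turn_uris` is empty. The 8008 listener serves client and federation resources without TLS on every address (`bind_address: ''`), which deserves a comment saying it is meant to sit behind a reverse proxy, if that is the intent.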
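Review bot: `-c server.yaml` is a relative path and this script never changes directory, unlike `services.d/synapse/run` in the same commit, which runs `cd /var/lib/synapse` first; unless the init system happens to start it in that directory, key generation will not find the rendered `/var/lib/synapse/server.yaml`. Pass the absolute path instead, `-c /var/lib/synapse/server.yaml`. `$DHPARAM_LENGTH` is unquoted and has no default, so with the variable unset openssl falls back to its built-in size; `"${DHPARAM_LENGTH:-2048}"` makes the strength explicit. Adding `set -e` after the shebang would make the script fail visibly when either generation step fails instead of carrying on.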
--- /dev/null
+++ b/rootfs/etc/fix-attrs.d/01-synapse
@@ -0,0 +1,2 @@
+/var/lib/synapse/signing/ true synapse 0640 0750
+/var/lib/synapse/media_store/ true synapse 0640 0750
\ No newline at end of file
diff --git a/rootfs/etc/services.d/synapse/run b/rootfs/etc/services.d/synapse/run
new file mode 100644
index 0000000..8274cb9
--- /dev/null
+++ b/rootfs/etc/services.d/synapse/run
@@ -0,0 +1,5 @@
+#!/usr/bin/with-contenv sh
+
+cd /var/lib/synapse
+source /var/lib/synapse/bin/activate
+s6-setuidgid synapse python -B -m synapse.app.homeserver -c server.yaml
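Review bot: The signing directory gets the same `0640 0750` modes as the media store, which leaves `signing.key` group-readable; nothing in this commit shows another group member needing it, so `/var/lib/synapse/signing/ true synapse 0600 0700` would be the tighter default. The third volume, `/etc/ssl/synapse/`, holds `privkey.pem` and has no entry here, so whether the `synapse` user can read it, and who else can, depends entirely on how the host directory is mounted. An entry for it, or a comment recording the expected ownership and mode, would make that explicit.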
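Review bot: The last line starts Synapse as a child of the shell rather than replacing it, so the supervisor ends up watching and signalling `sh` instead of the homeserver, and a stop request may never reach the Python process; `exec s6-setuidgid synapse python -B -m synapse.app.homeserver -c server.yaml` avoids that. The `cd /var/lib/synapse` is also unchecked, so if it fails the relative `-c server.yaml` is resolved against whatever directory the script started in; `cd /var/lib/synapse || exit 1` closes that gap.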